MAL-2026-10210: Malicious code in mcp-notes-server-poc-praetorian (npm)
The npm package mcp-notes-server-poc-praetorian version 0.1.0 contains malicious code that, upon startup, sends an unconditional HTTPS GET request to a hardcoded third-party host. This request includes the installer's process UID and the lowercase hostname, effectively exfiltrating host-identifying information to an external operator. The package is presented as a proof-of-concept but poses a privacy risk to any system running it. This exfiltration occurs before any legitimate functionality of the package is executed.
AI Analysis
Technical Summary
The [email protected] npm package executes a hardcoded HTTPS GET request on startup to a third-party domain (ft8swuagwwf6newi.ixx.sh), embedding sensitive host information such as the installer's process UID and hostname in the URL and User-Agent header. This behavior acts as a beacon to an out-of-band DNS/HTTP listener controlled by the package author, enabling host identification data to be logged externally. Although labeled as a proof-of-concept demonstrating arbitrary code execution risks in stdio MCP servers, the package's publication on npm exposes downstream users to unintended data leakage.
Potential Impact
Systems running [email protected] will have their process UID and hostname transmitted to a third-party server controlled by the package author. This results in host identifier exfiltration, potentially compromising privacy and enabling further targeted attacks or reconnaissance by the malicious actor. There is no indication of additional payloads or exploitation beyond this data leakage.
Mitigation Recommendations
No official patch or remediation is currently documented for this package. Users should avoid installing or running [email protected]. Since this is a malicious package published on npm, the best mitigation is to remove it from any environment where it is installed and to audit dependencies to prevent inclusion of this package. Monitor npm advisories for any updates or removals related to this package.
MAL-2026-10210: Malicious code in mcp-notes-server-poc-praetorian (npm)
Description
The npm package mcp-notes-server-poc-praetorian version 0.1.0 contains malicious code that, upon startup, sends an unconditional HTTPS GET request to a hardcoded third-party host. This request includes the installer's process UID and the lowercase hostname, effectively exfiltrating host-identifying information to an external operator. The package is presented as a proof-of-concept but poses a privacy risk to any system running it. This exfiltration occurs before any legitimate functionality of the package is executed.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The [email protected] npm package executes a hardcoded HTTPS GET request on startup to a third-party domain (ft8swuagwwf6newi.ixx.sh), embedding sensitive host information such as the installer's process UID and hostname in the URL and User-Agent header. This behavior acts as a beacon to an out-of-band DNS/HTTP listener controlled by the package author, enabling host identification data to be logged externally. Although labeled as a proof-of-concept demonstrating arbitrary code execution risks in stdio MCP servers, the package's publication on npm exposes downstream users to unintended data leakage.
Potential Impact
Systems running [email protected] will have their process UID and hostname transmitted to a third-party server controlled by the package author. This results in host identifier exfiltration, potentially compromising privacy and enabling further targeted attacks or reconnaissance by the malicious actor. There is no indication of additional payloads or exploitation beyond this data leakage.
Mitigation Recommendations
No official patch or remediation is currently documented for this package. Users should avoid installing or running [email protected]. Since this is a malicious package published on npm, the best mitigation is to remove it from any environment where it is installed and to audit dependencies to prevent inclusion of this package. Monitor npm advisories for any updates or removals related to this package.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10210
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a54ae0768715ace438f8516
Added to database: 07/13/2026, 09:21:11 UTC
Last enriched: 07/13/2026, 09:57:52 UTC
Last updated: 07/13/2026, 09:57:52 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.